Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/9387863c-57eb-495e-863a-5f309d45c90f.roa
File: 9387863c-57eb-495e-863a-5f309d45c90f.roa (raw, json)
Hash identifier: k0qARPOTSWnwS07QOMBHsC0y0ufMNp7/JkcQX7E2RMQ=
Subject key identifier: 74:B1:F6:13:0F:E3:F2:12:E2:1E:C3:8C:FF:8A:63:4A:34:AB:1F:32
Certificate issuer: /CN=df759b5af3da6c9df033b0de998970a4e79655d0
Certificate serial: 1C10BF7B4B18AEA53B2A1DE38992BF9A913FF630
Authority key identifier: DF:75:9B:5A:F3:DA:6C:9D:F0:33:B0:DE:99:89:70:A4:E7:96:55:D0
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/33WbWvPabJ3wM7DemYlwpOeWVdA.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/9387863c-57eb-495e-863a-5f309d45c90f.roa
Signing time: Fri 20 Feb 2026 01:40:41 +0000
ROA not before: Fri 20 Feb 2026 01:40:41 +0000
ROA not after: Thu 21 May 2026 23:59:59 +0000
asID: 16509
IP address blocks: 2001:3fc7:6800::/40 maxlen: 40
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/0XE5tZVyuGeaA_h7-1qBp7aY4So.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/0XE5tZVyuGeaA_h7-1qBp7aY4So.mft
rsync://rpki.ripe.net/repository/DEFAULT/33WbWvPabJ3wM7DemYlwpOeWVdA.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 22 Feb 2026 00:56:26 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
1c:10:bf:7b:4b:18:ae:a5:3b:2a:1d:e3:89:92:bf:9a:91:3f:f6:30
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=df759b5af3da6c9df033b0de998970a4e79655d0
Validity
Not Before: Feb 20 01:40:41 2026 GMT
Not After : May 21 23:59:59 2026 GMT
Subject: serialNumber=8616add73b15c10c7d625c50c8db03cbe546cb5c692323be4eaba619e3186bc3, CN=98d67deb-bb75-4e77-b1a0-36016b2d6350
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ea:30:5b:2c:c1:87:24:c7:af:88:6f:ff:a8:0e:
fe:3e:7e:08:88:4e:6a:06:76:ff:a5:75:2e:62:29:
4e:08:3e:6e:1f:de:c9:93:63:a1:87:6c:a4:fd:4b:
73:b9:d6:f3:02:fa:f4:b7:ae:70:a9:f4:f8:de:44:
9e:da:d2:76:68:48:a6:8d:7d:98:19:21:71:cf:63:
04:e8:1f:51:60:29:40:c4:4e:b4:65:4e:e6:5e:49:
c0:5e:ce:de:7b:05:36:f9:9b:1d:cf:c2:02:85:03:
ac:57:80:10:7b:c4:53:c0:53:bc:f9:87:cf:33:15:
1d:58:49:51:d4:de:e4:6f:00:12:6f:be:28:36:0e:
f8:11:52:da:f3:e1:f6:b1:70:1d:10:e8:2a:c0:6a:
6c:b4:fe:13:30:eb:a5:40:7b:82:0b:e5:21:df:a4:
f7:e5:af:45:82:0e:68:fe:54:48:a9:5d:23:c6:a4:
1b:be:11:e6:71:53:16:20:1e:a9:a8:81:a8:7d:98:
e8:10:dd:95:87:01:db:b5:84:74:b1:c1:24:e9:77:
bc:b0:34:d7:f7:53:78:59:88:6c:4e:8d:7d:a3:17:
c6:f3:01:bb:90:6c:73:ed:7b:0e:8c:ea:c8:ac:97:
39:b9:b0:0b:5b:fb:19:5d:bd:bb:72:1e:ed:8a:08:
e6:f3
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
74:B1:F6:13:0F:E3:F2:12:E2:1E:C3:8C:FF:8A:63:4A:34:AB:1F:32
X509v3 Authority Key Identifier:
keyid:DF:75:9B:5A:F3:DA:6C:9D:F0:33:B0:DE:99:89:70:A4:E7:96:55:D0
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/33WbWvPabJ3wM7DemYlwpOeWVdA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/9387863c-57eb-495e-863a-5f309d45c90f.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/0XE5tZVyuGeaA_h7-1qBp7aY4So.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2001:3fc7:6800::/40
Signature Algorithm: sha256WithRSAEncryption
09:be:78:26:1a:d5:b6:08:73:40:08:77:e5:21:23:58:65:85:
a9:4e:1f:88:ee:2f:d7:6f:85:0e:13:b1:51:c5:02:e8:5c:4d:
6d:86:bf:6e:24:b1:3e:a2:8b:b5:31:2b:59:f8:37:2f:a5:06:
1b:e8:06:aa:2e:c6:5c:1c:5e:3a:c0:fa:e2:ed:e5:6f:df:1c:
f2:53:ae:13:22:f2:17:ac:6e:cb:b4:83:16:bb:d4:f3:ca:81:
b6:6b:66:4c:58:25:af:95:df:4b:c9:df:25:7b:43:cc:04:5b:
55:01:6c:a8:b0:8e:ca:47:1d:57:5c:a9:e3:dd:ce:86:3e:35:
b3:f7:29:a5:9c:e8:5c:42:18:76:7c:81:93:fb:dd:fd:6d:02:
b0:50:61:08:f8:74:6c:41:cc:94:bc:7e:48:66:f2:bf:5d:7b:
37:68:90:22:08:9a:c6:3f:16:df:44:7c:9d:28:ef:3a:82:3b:
fa:ab:65:c5:b5:d3:c9:36:e3:89:28:86:40:71:46:78:b3:8e:
22:a7:bb:9e:99:60:b3:ee:c2:fc:64:cc:fa:4a:6b:31:bb:24:
f4:4b:0d:af:6d:a0:ee:5f:8f:ce:c8:81:53:00:32:57:9a:cd:
c3:01:d9:77:c4:18:f7:49:9a:13:ae:49:67:cd:94:0d:9d:95:
c5:de:97:41
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUHBC/e0sYrqU7Kh3jiZK/mpE/9jAwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZGY3NTliNWFmM2RhNmM5ZGYwMzNiMGRlOTk4OTcwYTRl
Nzk2NTVkMDAeFw0yNjAyMjAwMTQwNDFaFw0yNjA1MjEyMzU5NTlaMHoxSTBHBgNV
BAUTQDg2MTZhZGQ3M2IxNWMxMGM3ZDYyNWM1MGM4ZGIwM2NiZTU0NmNiNWM2OTIz
MjNiZTRlYWJhNjE5ZTMxODZiYzMxLTArBgNVBAMTJDk4ZDY3ZGViLWJiNzUtNGU3
Ny1iMWEwLTM2MDE2YjJkNjM1MDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAOowWyzBhyTHr4hv/6gO/j5+CIhOagZ2/6V1LmIpTgg+bh/eyZNjoYdspP1L
c7nW8wL69LeucKn0+N5EntrSdmhIpo19mBkhcc9jBOgfUWApQMROtGVO5l5JwF7O
3nsFNvmbHc/CAoUDrFeAEHvEU8BTvPmHzzMVHVhJUdTe5G8AEm++KDYO+BFS2vPh
9rFwHRDoKsBqbLT+EzDrpUB7ggvlId+k9+WvRYIOaP5USKldI8akG74R5nFTFiAe
qaiBqH2Y6BDdlYcB27WEdLHBJOl3vLA01/dTeFmIbE6NfaMXxvMBu5Bsc+17Dozq
yKyXObmwC1v7GV29u3Ie7YoI5vMCAwEAAaOCAiMwggIfMB0GA1UdDgQWBBR0sfYT
D+PyEuIew4z/imNKNKsfMjAfBgNVHSMEGDAWgBTfdZta89psnfAzsN6ZiXCk55ZV
0DAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzMzV2JXdlBh
Ykozd003RGVtWWx3cE9lV1ZkQS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9mZTM3MzdmYi0wOTVkLTQ0NGMtOTJmNC0zZjcyMjFmYjU0NGMv
OTM4Nzg2M2MtNTdlYi00OTVlLTg2M2EtNWYzMDlkNDVjOTBmLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZmUzNzM3ZmItMDk1ZC00NDRjLTkyZjQtM2Y3MjIxZmI1
NDRjLzBYRTV0WlZ5dUdlYUFfaDctMXFCcDdhWTRTby5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACABP8do
MA0GCSqGSIb3DQEBCwUAA4IBAQAJvngmGtW2CHNACHflISNYZYWpTh+I7i/Xb4UO
E7FRxQLoXE1thr9uJLE+oou1MStZ+DcvpQYb6AaqLsZcHF46wPri7eVv3xzyU64T
IvIXrG7LtIMWu9TzyoG2a2ZMWCWvld9Lyd8le0PMBFtVAWyosI7KRx1XXKnj3c6G
PjWz9ymlnOhcQhh2fIGT+939bQKwUGEI+HRsQcyUvH5IZvK/XXs3aJAiCJrGPxbf
RHydKO86gjv6q2XFtdPJNuOJKIZAcUZ4s44ip7uemWCz7sL8ZMz6SmsxuyT0Sw2v
baDuX4/OyIFTADJXms3DAdl3xBj3SZoTrklnzZQNnZXF3pdB
-----END CERTIFICATE-----
Generated at Sat Feb 21 07:25:30 2026 by rpki-client